profile
viewpoint
David Chang davidchang @airbnb Seattle, WA http://davidandsuzi.com web at Airbnb. past: Facebook, TUNE, Amazon.

davidchang/redux-pokedex 82

Simple Pokedex app to start learning Redux

davidchang/angular-facebook-utils 73

Angular Facebook Utils

davidchang/react-flux-webpack-boilerplate 25

Flux skeleton with Webpack build, JSX, ES6, and hot update loaders

davidchang/html5-rap-synthesis 10

That HTML speech synthesis API was really intended for rap synthesis

davidchang/presentation-poc 8

Proof of concept synced presentation Yeoman/Angular/Firebase app

davidchang/isomorphic-views-in-angular-via-react-poc 7

Proof of concept showing how React can be used to achieve isomorphism and faster renders within Angular

coderjonny/remoji 3

React Emoji Components

davidchang/am-i-down 3

Full Am I Down App

davidchang/am-i-down-one-page-app 3

One page angular seed app for am-i-down

push eventdavidchang/davidandsuzi.com

David Chang

commit sha eb788956ad0a9a46d246774e88a4b6f4e774e79c

adding new 5/28 SOC post

view details

push time in 3 days

push eventdavidchang/davidandsuzi.com

David Chang

commit sha 08e1736faeaf812583fa56ddb31e32278619ba3b

update about and add new post

view details

David Chang

commit sha 4d7598cec24371ff65d8d6cb52f81f7acab62697

Merge branch 'gh-pages' of https://github.com/davidchang/davidandsuzi.com into gh-pages

view details

push time in a month

push eventdavidchang/davidandsuzi.com

dependabot[bot]

commit sha c61631e0102c258d269aa6c131f99ff2f4c929ca

Bump rubyzip from 1.2.2 to 2.0.0 Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.2 to 2.0.0. - [Release notes](https://github.com/rubyzip/rubyzip/releases) - [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md) - [Commits](https://github.com/rubyzip/rubyzip/compare/v1.2.2...v2.0.0) Signed-off-by: dependabot[bot] <support@github.com>

view details

David Chang

commit sha 343965859f882633bdc17a7eeb74ef1c9adf295a

Merge pull request #6 from davidchang/dependabot/bundler/rubyzip-2.0.0 Bump rubyzip from 1.2.2 to 2.0.0

view details

push time in a month

PR merged davidchang/davidandsuzi.com

Bump rubyzip from 1.2.2 to 2.0.0 dependencies

Bumps rubyzip from 1.2.2 to 2.0.0. <details> <summary>Release notes</summary>

Sourced from rubyzip's releases.

v2.0.0

Security

  • Default the validate_entry_sizes option to true, so that callers can trust an entry's reported size when using extract #403
    • This option defaulted to false in 1.3.0 for backward compatibility, but it now defaults to true. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to true.

Tooling / Documentation

  • Remove test files from the gem to avoid problems with antivirus detections on the test files #405 / #384
  • Drop support for unsupported ruby versions #406

v1.3.0

Security

  • Add validate_entry_sizes option so that callers can trust an entry's reported size when using extract #403
    • This option defaults to false for backward compatibility in this release, but you are strongly encouraged to set it to true. It will default to true in rubyzip 2.0.

New Feature

  • Add add_stored method to simplify adding entries without compression #366

Tooling / Documentation

  • Add more gem metadata links #402

v1.2.4

  • Do not rewrite zip files opened with open_buffer that have not changed #360

Tooling / Documentation

  • Update example_recursive.rb in README #397
  • Hold CI at trusty for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 #399

v1.2.3

  • Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376)
  • Support frozen string literals in more files #390
  • Require pathname explicitly #388 (fixes regression in 1.2.2 from #376)

Tooling / Documentation:

  • CI updates #392, #394
    • Bump supported ruby versions and add 2.6
    • JRuby failures are no longer ignored (reverts #375 / part of #371)
  • Add changelog entry that was missing for last release #387
  • Comment cleanup #385

Since the GitHub release information for 1.2.2 is missing, I will also include it here:

1.2.2

</tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from rubyzip's changelog.

2.0.0 (2019-09-25)

Security

  • Default the validate_entry_sizes option to true, so that callers can trust an entry's reported size when using extract #403
    • This option defaulted to false in 1.3.0 for backward compatibility, but it now defaults to true. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to true.

Tooling / Documentation

  • Remove test files from the gem to avoid problems with antivirus detections on the test files #405 / #384
  • Drop support for unsupported ruby versions #406

1.3.0 (2019-09-25)

Security

  • Add validate_entry_sizes option so that callers can trust an entry's reported size when using extract #403
    • This option defaults to false for backward compatibility in this release, but you are strongly encouraged to set it to true. It will default to true in rubyzip 2.0.

New Feature

  • Add add_stored method to simplify adding entries without compression #366

Tooling / Documentation

  • Add more gem metadata links #402

1.2.4 (2019-09-06)

  • Do not rewrite zip files opened with open_buffer that have not changed #360

Tooling / Documentation

  • Update example_recursive.rb in README #397
  • Hold CI at trusty for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 #399

1.2.3

  • Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376)
  • Support frozen string literals in more files #390
  • Require pathname explicitly #388 (fixes regression in 1.2.2 from #376)

Tooling / Documentation:

  • CI updates #392, #394
    • Bump supported ruby versions and add 2.6
    • JRuby failures are no longer ignored (reverts #375 / part of #371)
  • Add changelog entry that was missing for last release #387
  • Comment cleanup #385 </details> <details> <summary>Commits</summary>
  • 2825898 Merge pull request #408 from rubyzip/v2-0-0
  • cb407b1 Bump version to 2.0.0
  • e1d9af6 Merge pull request #406 from rubyzip/bump-supported-ruby
  • 3641a96 Merge pull request #405 from rubyzip/remove-test-files
  • e79d9ea Merge pull request #407 from rubyzip/v1-3-0
  • 7c65e1e Bump version to 1.3.0
  • d65fe7b Merge pull request #403 from rubyzip/check-size
  • 35446f4 Drop old ruby and JDK versions from CI
  • 74d4bec Remove test files from gem
  • 97cb6ae Warn when an entry size is invalid
  • Additional commits viewable in compare view </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

push eventdavidchang/davidandsuzi.com

dependabot[bot]

commit sha b8a38f66cbc7aad879287a66a5db1647d4a19b3d

Bump nokogiri from 1.10.3 to 1.10.8 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.3 to 1.10.8. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.3...v1.10.8) Signed-off-by: dependabot[bot] <support@github.com>

view details

David Chang

commit sha 1e146746c53ba39e014f75dde0a783ca4335ebaa

Merge pull request #7 from davidchang/dependabot/bundler/nokogiri-1.10.8 Bump nokogiri from 1.10.3 to 1.10.8

view details

push time in a month

PR merged davidchang/davidandsuzi.com

Bump nokogiri from 1.10.3 to 1.10.8 dependencies

Bumps nokogiri from 1.10.3 to 1.10.8. <details> <summary>Release notes</summary>

Sourced from nokogiri's releases.

1.10.8 / 2020-02-10

Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @​nurse!)

1.10.5 / 2019-10-31

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

</details> <details> <summary>Changelog</summary>

Sourced from nokogiri's changelog.

1.10.8 / 2020-02-10

Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

1.10.7 / 2019-12-03

Fixed

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. [#1954]

1.10.6 / 2019-12-03

Fixed

1.10.5 / 2019-10-31

Security

[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

  • CVE-2019-13117
  • CVE-2019-13118
  • CVE-2019-18197
  • CVE-2019-19956

More details are available at #1943.

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915).

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

  • 6ce10d1 version bump to v1.10.8
  • 2320f5b update CHANGELOG for v1.10.8
  • 4a77fdb remove patches from the hoe Manifest
  • 570b6cb update to use rake-compiler ~1.1.0
  • 2cdb68e backport libxml2 patch for CVE-2020-7595
  • e6b3229 version bump to v1.10.7
  • 4f9d443 update CHANGELOG
  • 80e67ef Fix the patch from #1953 to work with both git and patch
  • 7cf1b85 Fix typo in generated metadata
  • d76180d add gem metadata
  • Additional commits viewable in compare view </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

more